AWS Route 53
SPF hard fail example...
v=spf1 ip4:192.168.0.1 -all
In the above example the minus "-" in front of "all" means that any senders not listed in this SPF record should be treated as a "hardfail", ie. they are unauthorised and emails from them should be discarded. In this case only the IP address 192.168.0.1 is authorized to send emails.
SPF soft fail example...
v=spf1 include:amazonses.com ~all
In the above example the tilde "~" in front of "all" means that any servers not listed in this SPF record should be treated as a "softfail", ie. mail can be allowed through but should be tagged as spam or suspicious. In this case the include:spf.protection.outook.com authorizes Office 365 to send emails. Any emails originating from different servers should be marked as spam by the receivers.
There is an unofficial, well maintained command line app called cli53.
cli53 provides import and export from BIND format and simple command line management of Route 53 domains.
- import and export BIND format
- create, delete and list hosted zones
- create, delete and update individual records
- create AWS extensions: failover, geolocation, latency, weighted and ALIAS records
- create, delete and use reusable delegation sets
Latest version: 0.8.18 (17 JAN 2021)
wget -O cli53 https://github.com/barnybug/cli53/releases/download/0.8.18/cli53-linux-amd64 sudo install -m 755 ./cli53 /usr/local/bin/cli53
To configure your Amazon credentials, either place them in a file ~/.aws/credentials:
[default] aws_access_key_id = AKID1234567890 aws_secret_access_key = MY-SECRET-KEY
Export Zone File As TXT
List domain name zones...
cli53 list --profile default
Export domain name zone...
cli53 export --full --profile default domain.co.uk
cli53 create example.com --comment 'my first zone'
cli53 rrcreate example.com 'www 60 A 192.168.0.1'
cli53 rrcreate example.com '@ MX 10 mail1.' '@ MX 20 mail2.'
A record using specific AWS profile...
cli53 rrcreate --profile profilename example.com 'www 60 A 192.168.0.1'
CNAME record using specific profile. For CNAME records, relative domains have no trailing dot, but absolute domains should...
cli53 rrcreate --profile profilename example.com 'host CNAME data' cli53 rrcreate --profile profilename example.com 'host CNAME anotherhost.domain.com.'
cli53 rrcreate --replace example.com 'www 60 A 192.168.0.2'
cli53 rrdelete example.com www A cli53 rrdelete example.com @ MX
Redirect Domain Using S3
Route 53 Hosted Zone -> A Record ALIAS -> S3 Bucket Endpoint -> Static Website Hosting -> Redirect Requests -> Domain
Make sure you create a bucket with the same subdomain as well.
domain.co.uk -> bucket with exact same name www.domain.co.uk -> bucket with exact same name
Use GANDI Free Email Forwarding
The domain registrar, gandi, provides 2 free e-mail addresses per domain, and unlimited forwarding accounts.
While your domain may be hosted on AWS (using aws nameservers), you can update the dns configuration to point to gandi's mail servers, and setup and manage all your domain name e-mail addresses from gandi's console.
This is managed in you aws console under Route53, Hosted Zones. You'll then want to create two record sets for the domain as follows:
Type Alias TTL Value Routing Policy MX No 10800 10 spool.mail.gandi.net. Simple MX No 10800 50 fb.mail.gandi.net. Simple TXT No 10800 "v=spf1 include:_mailcust.gandi.net ?all" Simple